From 20e2b552c91a8097d9b92ca68bc18bf5f005f192 Mon Sep 17 00:00:00 2001
From: travisutk <travisutk@12e2690d-a6be-4b82-a7b7-67c4a43b65c8>
Date: Mon, 10 Jan 2011 18:47:17 +0000
Subject: [PATCH] MSKB and Skybrake support. MACs and channel must be known.

git-svn-id: https://svn.code.sf.net/p/goodfet/code/trunk@826 12e2690d-a6be-4b82-a7b7-67c4a43b65c8
---
 client/goodfet.nrf | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/client/goodfet.nrf b/client/goodfet.nrf
index 1bd234d..4c80c72 100755
--- a/client/goodfet.nrf
+++ b/client/goodfet.nrf
@@ -54,6 +54,9 @@ if(len(sys.argv)==1):
     print "%s snifftp\n\tSniffs SparkFun Dongle traffic." % sys.argv[0];
     
     print "%s sniffprom\n\tSniffs promiscuously." % sys.argv[0];
+    print "%s sniffskybrake\n\tSniffs skybrake. [broken?]" % sys.argv[0];
+    print "%s sniffmskb\n\tSniffs MS KB. [broken?]" % sys.argv[0];
+    
     
     print "%s hosttp\n\tHosts Turning Point Clicker traffic." % sys.argv[0];
 
@@ -224,6 +227,47 @@ if(sys.argv[1]=="sniffprom"):
         printpacket(packet);
         sys.stdout.flush();
 
+if(sys.argv[1]=="sniffmskb"):
+    #MSWK 3000 v2.0
+    #TODO remove all poke() calls.
+    
+    client.poke(0x00,0x00); #Stop nRF
+    client.poke(0x01,0x00); #Disable Shockburst
+    client.poke(0x02,0x01); #Set RX Pipe 0
+    
+    client.poke(0x06,0x09); #2MBps, -18dBm in RF_SETUP
+    client.poke(0x07,0x78); #Reset status register
+    
+    #This is the address of a specific keyboard.
+    #Other keyboards will be different.
+    
+    
+    client.RF_setmaclen(2);
+    
+    #Known pairs.  The channel and the low address bytes must match.
+    #client.RF_setfreq((2400+0x13) * 10**6);
+    #client.RF_setsmac(0x0c00a3598cd);
+    
+    client.RF_setfreq((2400+0x15) * 10**6);
+    client.RF_setsmac( 0x0c10446facd);
+    
+    #Mac packet length, illegally 0-length address field.
+    client.RF_setpacketlen(32);
+    
+    #Power radio, prime for RX, no checksum
+    client.poke(0x00,0x70|0x03); #0x08 for checksum, 0x04 for two.
+    
+    print "Listening as %010x on %i MHz" % (client.RF_getsmac(),
+                                           client.RF_getfreq()/10**6);
+    #Now we're ready to get packets.
+    while 1:
+        packet=None;
+        while packet==None:
+            #time.sleep(0.1);
+            packet=client.RF_rxpacket();
+        printpacket(packet);
+        sys.stdout.flush();
+
 
 
 if(sys.argv[1]=="sniffskybrake"):
-- 
2.20.1